debian-mirror-gitlab/spec/requests/api/triggers_spec.rb

329 lines
12 KiB
Ruby
Raw Permalink Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2015-12-23 02:04:40 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe API::Triggers do
2020-03-13 15:44:24 +05:30
let_it_be(:user) { create(:user) }
let_it_be(:user2) { create(:user) }
2019-02-02 18:00:53 +05:30
let!(:trigger_token) { 'secure_token' }
let!(:trigger_token_2) { 'secure_token_2' }
2017-08-17 22:00:37 +05:30
let!(:project) { create(:project, :repository, creator: user) }
2018-11-18 11:00:15 +05:30
let!(:maintainer) { create(:project_member, :maintainer, user: user, project: project) }
2016-06-02 11:05:42 +05:30
let!(:developer) { create(:project_member, :developer, user: user2, project: project) }
2018-03-17 18:26:18 +05:30
let!(:trigger) { create(:ci_trigger, project: project, token: trigger_token, owner: user) }
let!(:trigger2) { create(:ci_trigger, project: project, token: trigger_token_2, owner: user2) }
let!(:trigger_request) { create(:ci_trigger_request, trigger: trigger, created_at: '2015-01-01 12:13:14') }
2017-08-17 22:00:37 +05:30
describe 'POST /projects/:project_id/trigger/pipeline' do
2017-09-10 17:25:29 +05:30
let!(:project2) { create(:project, :repository) }
2015-12-23 02:04:40 +05:30
let(:options) do
{
token: trigger_token
}
end
before do
stub_ci_pipeline_to_return_yaml_file
2015-12-23 02:04:40 +05:30
end
context 'Handles errors' do
2016-09-13 17:45:13 +05:30
it 'returns bad request if token is missing' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: { ref: 'master' }
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2015-12-23 02:04:40 +05:30
end
2016-09-13 17:45:13 +05:30
it 'returns not found if project is not found' do
2019-02-15 15:39:39 +05:30
post api('/projects/0/trigger/pipeline'), params: options.merge(ref: 'master')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2015-12-23 02:04:40 +05:30
end
end
context 'Have a commit' do
2019-02-15 15:39:39 +05:30
let(:pipeline) { project.ci_pipelines.last }
2015-12-23 02:04:40 +05:30
2017-08-17 22:00:37 +05:30
it 'creates pipeline' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: options.merge(ref: 'master')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:created)
2017-08-17 22:00:37 +05:30
expect(json_response).to include('id' => pipeline.id)
pipeline.builds.reload
2016-09-13 17:45:13 +05:30
expect(pipeline.builds.pending.size).to eq(2)
expect(pipeline.builds.size).to eq(5)
2015-12-23 02:04:40 +05:30
end
2017-08-17 22:00:37 +05:30
it 'returns bad request with no pipeline created if there\'s no commit for that ref' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: options.merge(ref: 'other-branch')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2017-09-10 17:25:29 +05:30
expect(json_response['message']).to eq('base' => ["Reference not found"])
2015-12-23 02:04:40 +05:30
end
context 'Validates variables' do
let(:variables) do
{ 'TRIGGER_KEY' => 'TRIGGER_VALUE' }
end
2016-09-13 17:45:13 +05:30
it 'validates variables to be a hash' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: options.merge(variables: 'value', ref: 'master')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2017-08-17 22:00:37 +05:30
expect(json_response['error']).to eq('variables is invalid')
2015-12-23 02:04:40 +05:30
end
2016-09-13 17:45:13 +05:30
it 'validates variables needs to be a map of key-valued strings' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: options.merge(variables: { key: %w(1 2) }, ref: 'master')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2015-12-23 02:04:40 +05:30
expect(json_response['message']).to eq('variables needs to be a map of key-valued strings')
end
2016-09-13 17:45:13 +05:30
it 'creates trigger request with variables' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/trigger/pipeline"), params: options.merge(variables: variables, ref: 'master')
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:created)
2017-09-10 17:25:29 +05:30
expect(pipeline.variables.map { |v| { v.key => v.value } }.last).to eq(variables)
end
end
2017-08-17 22:00:37 +05:30
end
context 'when triggering a pipeline from a trigger token' do
2017-09-10 17:25:29 +05:30
it 'does not leak the presence of project when token is for different project' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project2.id}/ref/master/trigger/pipeline?token=#{trigger_token}"), params: { ref: 'refs/heads/other-branch' }
2017-09-10 17:25:29 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2017-09-10 17:25:29 +05:30
end
2017-08-17 22:00:37 +05:30
it 'creates builds from the ref given in the URL, not in the body' do
expect do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/ref/master/trigger/pipeline?token=#{trigger_token}"), params: { ref: 'refs/heads/other-branch' }
2017-08-17 22:00:37 +05:30
end.to change(project.builds, :count).by(5)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:created)
2017-08-17 22:00:37 +05:30
end
context 'when ref contains a dot' do
it 'creates builds from the ref given in the URL, not in the body' do
project.repository.create_file(user, '.gitlab/gitlabhq/new_feature.md', 'something valid', message: 'new_feature', branch_name: 'v.1-branch')
expect do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/ref/v.1-branch/trigger/pipeline?token=#{trigger_token}"), params: { ref: 'refs/heads/other-branch' }
2017-08-17 22:00:37 +05:30
end.to change(project.builds, :count).by(4)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:created)
2015-12-23 02:04:40 +05:30
end
end
end
2020-03-07 23:17:34 +05:30
context 'when is triggered by a pipeline hook' do
it 'does not create a new pipeline' do
expect do
post api("/projects/#{project.id}/ref/master/trigger/pipeline?token=#{trigger_token}"),
params: { ref: 'refs/heads/other-branch' },
headers: { WebHookService::GITLAB_EVENT_HEADER => 'Pipeline Hook' }
end.not_to change(Ci::Pipeline, :count)
expect(response).to have_gitlab_http_status(:forbidden)
end
end
2015-12-23 02:04:40 +05:30
end
describe 'GET /projects/:id/triggers' do
2019-02-02 18:00:53 +05:30
context 'authenticated user who can access triggers' do
it 'returns a list of triggers with tokens exposed correctly' do
get api("/projects/#{project.id}/triggers", user)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
2019-02-02 18:00:53 +05:30
expect(json_response).to be_a(Array)
2019-02-02 18:00:53 +05:30
expect(json_response.size).to eq 2
expect(json_response.dig(0, 'token')).to eq trigger_token
expect(json_response.dig(1, 'token')).to eq trigger_token_2[0..3]
end
end
context 'authenticated user with invalid permissions' do
2016-09-13 17:45:13 +05:30
it 'does not return triggers list' do
get api("/projects/#{project.id}/triggers", user2)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'unauthenticated user' do
2016-09-13 17:45:13 +05:30
it 'does not return triggers list' do
get api("/projects/#{project.id}/triggers")
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
end
2017-08-17 22:00:37 +05:30
describe 'GET /projects/:id/triggers/:trigger_id' do
context 'authenticated user with valid permissions' do
2016-09-13 17:45:13 +05:30
it 'returns trigger details' do
2017-08-17 22:00:37 +05:30
get api("/projects/#{project.id}/triggers/#{trigger.id}", user)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to be_a(Hash)
end
2016-09-13 17:45:13 +05:30
it 'responds with 404 Not Found if requesting non-existing trigger' do
2017-08-17 22:00:37 +05:30
get api("/projects/#{project.id}/triggers/-5", user)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'authenticated user with invalid permissions' do
2016-09-13 17:45:13 +05:30
it 'does not return triggers list' do
2017-08-17 22:00:37 +05:30
get api("/projects/#{project.id}/triggers/#{trigger.id}", user2)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'unauthenticated user' do
2016-09-13 17:45:13 +05:30
it 'does not return triggers list' do
2017-08-17 22:00:37 +05:30
get api("/projects/#{project.id}/triggers/#{trigger.id}")
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
end
describe 'POST /projects/:id/triggers' do
context 'authenticated user with valid permissions' do
2017-08-17 22:00:37 +05:30
context 'with required parameters' do
it 'creates trigger' do
expect do
post api("/projects/#{project.id}/triggers", user),
2019-02-15 15:39:39 +05:30
params: { description: 'trigger' }
2018-03-17 18:26:18 +05:30
end.to change {project.triggers.count}.by(1)
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:created)
2017-08-17 22:00:37 +05:30
expect(json_response).to include('description' => 'trigger')
end
end
context 'without required parameters' do
it 'does not create trigger' do
post api("/projects/#{project.id}/triggers", user)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2017-08-17 22:00:37 +05:30
end
end
end
context 'authenticated user with invalid permissions' do
2016-09-13 17:45:13 +05:30
it 'does not create trigger' do
2017-08-17 22:00:37 +05:30
post api("/projects/#{project.id}/triggers", user2),
2019-02-15 15:39:39 +05:30
params: { description: 'trigger' }
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'unauthenticated user' do
2016-09-13 17:45:13 +05:30
it 'does not create trigger' do
2017-08-17 22:00:37 +05:30
post api("/projects/#{project.id}/triggers"),
2019-02-15 15:39:39 +05:30
params: { description: 'trigger' }
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
2017-08-17 22:00:37 +05:30
end
end
end
describe 'PUT /projects/:id/triggers/:trigger_id' do
2020-03-28 13:19:24 +05:30
context 'user is maintainer of the project' do
context 'the trigger belongs to user' do
let(:new_description) { 'new description' }
2017-08-17 22:00:37 +05:30
2020-03-28 13:19:24 +05:30
it 'updates description' do
put api("/projects/#{project.id}/triggers/#{trigger.id}", user),
params: { description: new_description }
2017-08-17 22:00:37 +05:30
2020-03-28 13:19:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to include('description' => new_description)
expect(trigger.reload.description).to eq(new_description)
end
end
context 'the trigger does not belong to user' do
it 'does not update trigger' do
put api("/projects/#{project.id}/triggers/#{trigger2.id}", user)
expect(response).to have_gitlab_http_status(:forbidden)
end
2017-08-17 22:00:37 +05:30
end
end
2020-03-28 13:19:24 +05:30
context 'user is developer of the project' do
context 'the trigger belongs to user' do
it 'does not update trigger' do
put api("/projects/#{project.id}/triggers/#{trigger2.id}", user2)
2017-08-17 22:00:37 +05:30
2020-03-28 13:19:24 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'the trigger does not belong to user' do
it 'does not update trigger' do
put api("/projects/#{project.id}/triggers/#{trigger.id}", user2)
expect(response).to have_gitlab_http_status(:forbidden)
end
2017-08-17 22:00:37 +05:30
end
end
context 'unauthenticated user' do
it 'does not update trigger' do
put api("/projects/#{project.id}/triggers/#{trigger.id}")
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
2017-08-17 22:00:37 +05:30
end
end
end
describe 'DELETE /projects/:id/triggers/:trigger_id' do
context 'authenticated user with valid permissions' do
2016-09-13 17:45:13 +05:30
it 'deletes trigger' do
expect do
2017-08-17 22:00:37 +05:30
delete api("/projects/#{project.id}/triggers/#{trigger.id}", user)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:no_content)
2018-03-17 18:26:18 +05:30
end.to change {project.triggers.count}.by(-1)
end
2016-09-13 17:45:13 +05:30
it 'responds with 404 Not Found if requesting non-existing trigger' do
2017-08-17 22:00:37 +05:30
delete api("/projects/#{project.id}/triggers/-5", user)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2018-03-17 18:26:18 +05:30
end
it_behaves_like '412 response' do
let(:request) { api("/projects/#{project.id}/triggers/#{trigger.id}", user) }
end
end
context 'authenticated user with invalid permissions' do
2016-09-13 17:45:13 +05:30
it 'does not delete trigger' do
2017-08-17 22:00:37 +05:30
delete api("/projects/#{project.id}/triggers/#{trigger.id}", user2)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'unauthenticated user' do
2016-09-13 17:45:13 +05:30
it 'does not delete trigger' do
2017-08-17 22:00:37 +05:30
delete api("/projects/#{project.id}/triggers/#{trigger.id}")
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
end
2015-12-23 02:04:40 +05:30
end